Privacy Policy

1. Introduction

1.1 Document Purpose

This Policy describes how Umba collects, uses and processes personal information provided by all users of the Application or individuals whose information Umba otherwise receives in connection with its services. This Policy is incorporated into Umba’s Terms and Conditions which is set out at along with any other terms of use.

This policy applies to those who provide information to Umba in connection with the use of our services, and applies to the use by the individual user of:

  1. Umba’s mobile application software (App), which is available on the Google Play Store (App Site), once the individual user has completed the process of downloading or streaming a copy of the App onto their mobile telephone or handheld device (Device).
  2. Services which can be accessed through the App (Services), which are available on the App Site or other Umba websites (Services Sites).

All those subject to this policy are referred to as “users” or ‘you’ for purposes of this policy. Umba is referred to as ‘our’ or ‘we’.

In this policy we will explain the following:-

  1. The personal data we collect and retain
  2. Use of cookies
  3. Use of third-party links
  4. The rights of a data subject
  5. How we use the data we collect
  6. Sharing of personal data
  7. Security
  8. Changes to this policy

It is the individual user’s responsibility to read through the following provisions in order to gain a thorough understanding of Umba’s views and practices relating to the user’s personal data and how it will be treated.

1.2 Document Version

Version 1.0, 19/08/2020

1.3 Document version control

This policy is subject to change based on legislative changes, need or in response to changes in our working arrangements. Any changes to this policy will be approved by the authorized officers and communicated to all staff.

1.4 Document distribution

This document contains information on how Umba collects, uses, and processes personal data and is for distribution to all individuals who share their personal data with Umba.

2. How Umba collects information

Umba will collect information through:

  1. Information provided by the individual user about the user themselves (Submitted Information);
  2. Correspondence with Umba, by email, instant message, chat or other means of communication;
  3. Information which includes information provided by the individual user when they register to use the App Site, download or register the App, share data when subscribing to any of Umba’s Services (loan applications for example), share data through the App’s social media capabilities, enter a competition, promotion or survey, or when the user may decide to report a problem with an App, Umba’s Services, or any of Umba’s websites.

3. Description of data that we collect and retain

3.1 Personal information

We may collect the following personal information upon registration for use of the service:-

  1. Full name
  2. Address
  3. Email address
  4. Mobile phone number
  5. SIM card
  6. Username
  7. Date of birth and age
  8. Password and any other information required during the registration process.
  9. Your contact with us such as when you call us or interact with us through the app, email, social media etc.

3.2 Phone information

We may also collect the following information from your phone:-

  1. Phone contacts
  2. Mobile money transactions from mobile money providers
  3. Applications stored on the device

3.3 Information collected relating to the individual and their device

When you visit one of Umba’s websites or use one of Umba’s Apps, the following information may be automatically collected:

  1. information of a technical nature, to include the type of mobile device used by the user, unique device identifiers (such as the Device’s IMEI or serial number), SIM card information, mobile network information, the user’s device operating system, the browser which is being utilized by the user, the location of the Device and its time zone setting (Device Information);
  2. information which is stored on the individual user’s Device, which may include but not limited to call logs, message logs, Facebook friends, contact lists from the Device and social media accounts, photos, videos or other digital content (Content Information);
  3. information relating to the individual user’s use of any of Umba’s Apps or any visits by the user to any of Umba’s websites. This includes but is not limited to location data, traffic data, weblogs and other data (Log Information).

3.4 Location information

We may use GPS technology or other location services to determine your location. You may revoke your consent to collection of location data at any time by logging out and uninstalling the App from your device.

3.5 Information from other sources (Third Party Information)

Umba has working relationships with a number of third parties, including IPRS (Integrated Population Registration Services), credit reference agencies and mobile network providers, banks, from whom we may on occasion receive information about you.

3.6 Unique application numbers

Where you decide to install or uninstall an App which contains a unique application number or where an App searches for automatic updates, the version number in question along with information about the user’s installation, such as the kind of operating system, may be sent to Umba.

4. Sensitive Data

We may collect special or sensitive data about you such as gender/sex, personally identifiable information, information on your previous offences and convictions and sensitive financial information. From your device we may collect your SMS logs, contacts, phone state, location and applications. Where we collect such information, we shall collect, process and store that data in accordance with the provisions of the prevailing Data Protection Laws and as set out in Clause 11.

5. Tracking and Cookies

We may utilize services such as mobile tracking technologies and/or website cookies in an effort to distinguish the individual user from other users of the App, App Site, or Service Site. This assists us in providing you with a positive experience when you use the App or visit any of the websites and also gives us the tools to continuously improve the App and websites.

6. Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our application or website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

7. Retention of data

We only retain personal data for as long as it is necessary to do so in line with the Data Protection Laws. This means that we retain data:

  1. For as long as you continue to use our services
  2. For any period required by law.
  3. For purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
  4. For the purposes of any legal proceedings. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation arising out of our relationship with you.

We may hold anonymized information that is no longer associated with you indefinitely.

8. The rights of the User

With regards to the personal data we collect about you, as a data subject you have the following rights;

  1. to be informed of the use to which your personal data is to be put;
  2. to access your personal data in our custody;
  3. to object to the processing of all or part of your personal data;
  4. to correct false or misleading data; and
  5. to delete any false or misleading data.

9. Exercise of the rights of the User

In order to exercise any of the rights of the user Umba has in place procedures to enable you to do the following:-

  1. Access personal data held by Umba
  2. Object to processing of personal data by Umba
  3. Correct or delete false or misleading data held by Umba
  4. Restrict processing of personal data
  5. Data Portability
  6. Share complaints
  7. Get information on automatic individual decision making

To access the procedure please contact the data protection officer/ officer in charge at the following

You may update and correct your data from the App from your device.

10. How do we use the personal data we collect?

We use information we collect in the following ways;

  1. To facilitate your access to Umba products and services for as long as you maintain an account.
  2. To take a decision regarding whether a loan will or will not be granted to you, what amount such a loan may be and the Terms and Conditions which apply to any such loan and carrying out credit checks and credit scoring;
  3. Billing you for using our services or taking the appropriate amount of credit from you;
  4. Responding to any of your queries or concerns;
  5. To validate your device to enable you to access the services;
  6. To understand your device usage to facilitate credit scoring and anti-fraud checks;
  7. Verifying your identity information through publicly available and/or restricted government databases in order to comply with applicable regulatory requirements;
  8. Quality control and ensuring maintenance of optimal system operations;
  9. We may associate one or more categories of information with any other category of information that we see fit to and this combined information will be treated as personal data in accordance with the provisions set out in this policy, for as long as it is combined.
  10. We will use the personal data of the individual user to compile statistics regarding our user base and/or loan portfolio. Umba may decide to provide this information to any third party for this purpose, on the condition that the information will always be anonymous.
  11. Where Umba would like to utilize your information for the purposes of marketing, you will be informed before such a use takes place. You have the right to prevent a usage of this nature from taking place by informing Umba that you are opposed to the use of such information for marketing purposes. The user is also entitled to exercise this right at any time by contacting Umba at

11. Processing of personal data

We will process the personal data we collect based on a lawful basis allowed under Data Protection Laws, being:

  1. Your consent;
  2. Performance of a Contract or Agreement with you;
  3. To support our legitimate business interests;
  4. In compliance with a mandatory legal obligation;
  5. Your vital interest;
  6. Public interest.

12. Disclosure of personal data

We will not share personal information with any other individual, company or organization except in the following cases:-

  1. Where we have gotten your consent;
  2. For legal reasons where there is a court order or a legal obligation which we have to comply with;
  3. where it is necessary to do so in order to enforce the Terms and Conditions and other agreements, or where it is necessary in order to investigate potential breaches;
  4. in order to report defaulters to a credit bureau;
  5. To Fraud prevention and anti-money laundering agencies;
  6. in order to publish statistics regarding the App’s usage, where information relating to users will be aggregated and made anonymous.
  7. to any member of our business group, which includes subsidiaries, the group’s ultimate holding company and its subsidiaries, developers, partners who are involved in the delivery of Umba services that you use;
  8. where Umba takes the decision to sell or buy any business or assets, where personal data may be provided to the prospective seller or buyer of such business or assets, which we shall only do with your consent.
  9. where a third party acquires Umba or all of its assets, where personal data which is held on its customers will be listed as one of the assets to be transferred.
  10. Umba may disclose anonymous aggregate information concerning the users, such as the number of women in a certain age bracket that have applied for a loan in a specific time period.
  11. Any other person we deem legitimately necessary to share the information with.

Some of your information may be passed on to Third Parties when you send or receive money or credits to other Users. We will not disclose any information to a party acting beyond its legal mandate.

Where we share personal data in the cases listed above we take all necessary steps to ensure that:-

  1. The data is processed lawfully;
  2. We only disclose what is necessary;
  3. The data is kept secure and all safeguards are put in place to ensure its protection.

13. Direct Marketing

You may be required to opt in or give any other form of explicit consent before receiving marketing messages from us. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product or service already taken up.

We will not share your information with any Third Parties for marketing purposes except with your express consent.

14. Automatic individual decision making

We recognize the right of every data subject not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or significantly affects the data subject.

Therefore we only engage in automated processing where:-

  1. It’s necessary for entering into or performing a contract between you, the data subject, and the Company.
  2. It is authorized by law which we are subject to and lays down suitable measures to safeguard your rights, freedoms and legitimate interests
  3. Where we have gotten your consent

When we engage in automated processing that affects you we will notify you in writing. You then have 7 days from the day of notification to request that we consider the decision or take a decision that is not based solely on the automatic processing.

Once we receive that request we will consider it and notify you in writing of the steps we have taken to comply with the request and the outcome of complying with the request.

15. Security

We have put in place technical and operational measures to protect your information from unauthorized access, accidental loss or destruction. Some of the measures we take include:

  1. Use of HTTPS for all communications with our servers.
  2. Storage in services which are encrypted at rest and are secured by SSH.
  3. instructions concerning physical protection of the database sites and their surroundings;
  4. access authorizations to the database and database systems;
  5. description of the means intended to protect the database systems and the manner of their operation for this purpose;
  6. instructions to authorized users of the database and database systems regarding the protection of data stored in the database;
  7. the risks to which the data in the database is exposed in the course of the civil registration entity's ongoing activities, including those originating from the database systems structure, the manner in which the risks are identified and dealt with, including encryption mechanisms to protect the data stored in the database or in the database systems;
  8. the manner of dealing with information security incidents, according to the severity of the incident;
  9. instructions concerning the management and usage of portable devices;
  10. instructions with respect to conducting periodic audits to ensure that appropriate security measures, in accordance with the Procedure and these Regulations exist; and
  11. instructions regarding backup of personal
  12. carry out periodic audits to ensure the company complies with data protection laws and policies.
  13. Periodical audits to ensure the data held is accurate and up to date.

We restrict access to personal information to our employees, contractors, and agents who need that information to process it and facilitate service delivery. Anyone with this access is subject to strict contractual confidentiality obligations.

However, we cannot ensure or warrant the security of any information provided to us by a data subject. We do not accept liability for unintentional disclosure.

In the event of a security breach that involves a data subject’s personally identifiable information we will communicate to the data subject in writing within a reasonably practicable period and take all other action that is necessary to mitigate the breach.

This communication may be limited where it is necessary and appropriate for purposes of prevention, detection or investigation of an offence.

16. Where we store your data

Data which is collected by Umba from the individual user may be moved to and stored at a location outside Kenya. Staff that operate outside Kenya who are employed by Umba, any member of our business group, or one of our suppliers may be charged with processing the data. Such staff members may be tasked with dealing with requests made by the individual user.

You acknowledge that by submitting your personal data, you accept its transfer, storage or processing.

Umba will ensure, as reasonably as possible, that your personal data is treated securely and in accordance with the provisions set out in this Privacy Policy.

Umba notes that the passing of information over the internet is not entirely secure. While Umba will endeavour to ensure that the individual user’s personal data is protected, the security of the user’s data transmitted to our websites cannot be guaranteed. Any transmission is at the user’s risk. When the individual user’s information has been received, Umba will use strict security features and procedures in an effort to ensure that unauthorized access does not occur.

17. Complaints handling

All complaints from data subjects regarding the way data is handled will be forwarded to:

A complaint can be made either orally or in writing but where an oral complaint is made the designated officer will as soon as practicable reduce the oral complaint into writing.

We will investigate every complaint that we receive and get back to you within 14 days of receiving the complaint.

If you are not satisfied with the findings you have the right to appeal or to lodge a complaint to the Data Commissioner established under the Data Protection Act of Kenya, 2019.

18. Changes to this Policy

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website or at our office.

19. Contact us

Any correspondence including comments, questions and requests relating to the Privacy Policy is happily received and can be addressed to

Terms of Service

This Terms of Service is an agreement between you and umba that governs your access to and use of the umba Micro Finance platform. The following should be reviewed prior to use of the platform.


Please take note of the following Terms which are used in this Terms of Service:

  • "User" is a person that applies to, or registers to use, or uses, the Platform to drawdown and/or repay loans.
  • “The Platform” describes the umba Micro Finance platform in its entirety.
  • MNO’s: Mobile Network Operators
  • A user first has to register their account details with umba.
  • User Account: The account used to view, make and pay back loans.
  • Drawdown: The process of making a request through the Platform that results in the receiving of finance.
  • Repayment: The process of sending a transaction through a mobile money payments operator to the Platform to repay a loan.
  • Transactions: Combined terms for Drawdowns and/or Repayments.
  • “We”, “The Platform” or “us”: umba.

Registering with umba

In order to gain access to the Platform you agree to provide:

  • All required fields in the onboarding process
  • A valid mobile phone number that funds can be transferred to
  • A valid National I.D to prove identity and age
  • Any information you do provide us with is the most current and accurate available
  • You are required to keep your personal information up to date
  • Additional information may be required to allow you additional, full or continued use of the service
  • Proof you are over 18 (National I.D)

umba reserve the right and sole discretion to refuse or terminate in-progress registrations with or without cause or notice.

Transaction Information

Please note the following points as part of the Terms of Service;

  • The Platform facilitates the drawdowns and repayment of loans.
  • The Platform will store information for a period of 7 years.
  • The Platform will allow the exporting of transaction information.

We reserve the right to suspend account activity on suspicious accounts.

Limitations on the Use of Service/ Platform

  • Without notice and without liability, umba reserve the right to change, suspend or discontinue any aspect of the Service at any time, including hours of operation or availability of the Platform or any Platform feature.
  • umba also reserve the right to impose limits on certain Platform features or restrict access to parts or all of the Platform without notice and without liability.
  • umba do not warrant that the functions contained in the Service will be uninterrupted or error free, and we shall not be responsible for any service interruptions (including, but not limited to, power outages, system failures or other interruptions that may affect the receipt, processing, acceptance, completion or settlement of Payment Transactions or the Service).

umba may limit or suspend your use of the Platform at any time, in our sole and absolute discretion. If we suspend your use of the Platform, we will attempt to notify you by email.

Username and Password Information

The User is responsible for:

  • Maintaining the confidentiality of your username and password.
  • Any and all transactions by persons that you give access to or that otherwise use such username or password.
  • The User agrees to notify us immediately of any unauthorized use of your username or password or any other breach of security regarding the Service of which you have knowledge.

Service Fees

The interest fees charged will be on a per loan basis and will be visible in the loan schedule before a User makes a Drawdown. umba is not a bank or other chartered depository institution. umba is a non-deposit-taking Micro Finance Institution.

Third Party Information

umba reserve the right to share aggregate loan and account information with third parties.

a)  Customer Declaration:

In connection with this application and/or maintaining a credit facility with umba, I authorise umba to carry out credit checks with, or obtain my credit information from, a credit reference bureau. In the event of the account going into default, I consent to my name, transaction and default details being forwarded to a credit reference bureau for listing. I acknowledge that this information may be used by banking institutions and other credit grantors in assessing applications for credit by me, associated companies, and supplementary account holders and for occasional debt tracing and fraud prevention purposes.

b)  Disclosure of information:

i. You agree that umba may disclose details relating to your account to any third party including credit reference bureaus, if in the Lender’s opinion such disclosure is necessary for the purposes of evaluating your creditworthiness or any transaction with or credit application made to the Lender or such third party, maintaining your Account with the Lender or for any other lawful purpose.

ii. You agree that the Lender may disclose details relating to your account including details of your default in servicing financial obligations on your account to any third party including credit reference bureaus for the purpose of evaluating your credit worthiness or for any other lawful purpose.

Termination of Service

umba may, in our sole and absolute discretion without liability to you or any third party, terminate your use of the Platform for any reason, including without limitation inactivity or violation of this Terms of Service or other policies we may establish from time to time. Upon termination of your use of the Service, you remain liable for all outstanding loans and any other obligations you have incurred. Upon termination, we have the right to prohibit your access to the Platform, including without limitation by deactivating your username and password, and to refuse future access to the Platform by you.

Limitations of Liability; Force Majeure

umba shall not be liable to the Merchant in the event of any disruption of the Service or the Payment Platform or any part thereof resulting from Force Majeure and umba may suspend the Service or part thereof in such an event. Force Majeure for purposes of this Terms of Service means any situation or event that makes it impossible for umba to perform its obligations and includes but is not limited to any act of God such as lightning, floods, earthquakes, prohibitive decisions made by the government or local authority or civil war conflict and industrial strikes as well as any global or partial dysfunction of the Service caused by disruption or suspension of the telecommunication facilities.

Jurisdiction; Governing Law

This Terms of Service shall be governed in all aspects in accordance with English Law and a court of complete jurisdiction in The UK shall determine every claim or dispute arising out of or in connection with this Terms of Service.

Modification of Terms of Service

umba have the right, in our sole and absolute discretion, to change, modify, or amend any portion of this Terms of Service at any time by posting notification on Web Site or otherwise communicating the notification to you. The changes will become effective, and shall be deemed accepted by you, after the initial posting and shall apply on a going-forward basis with respect to Payment Transactions initiated after the posting date. In the event that you do not agree with any such modification, your sole and exclusive remedy is to terminate your use of the Service.